CVE-2018-9568

HIGH

Android - Memory Corruption

Title source: llm

Description

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.

References (13)

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:0512

[Third Party Advisory] https://usn.ubuntu.com/3880-1/

[Third Party Advisory] https://usn.ubuntu.com/3880-2/

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:0514

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2018-12-01

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2696

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2730

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:2736

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:3967

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:4056

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:4159

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:4164

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:4255

Scores

CVSS v3 7.8

EPSS 0.0046

EPSS Percentile 64.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-704

Status published

Products (10)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

google/android

linux/linux_kernel < 3.10.108

redhat/enterprise_linux_desktop 7.0

redhat/enterprise_linux_server 7.0

redhat/enterprise_linux_server_aus 7.6

redhat/enterprise_linux_server_eus 7.6

redhat/enterprise_linux_server_tus 7.6

redhat/enterprise_linux_workstation 7.0

Published Dec 06, 2018

Tracked Since Feb 18, 2026